Diffstat (limited to 'mediagoblin/edit')
-rw-r--r-- | mediagoblin/edit/forms.py | 42 | ||||
-rw-r--r-- | mediagoblin/edit/lib.py | 2 | ||||
-rw-r--r-- | mediagoblin/edit/routing.py | 2 | ||||
-rw-r--r-- | mediagoblin/edit/views.py | 129 |
4 files changed, 127 insertions, 48 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index c0bece8b..83e83c3c 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -24,8 +24,20 @@ from mediagoblin.tools.metadata import DEFAULT_SCHEMA, DEFAULT_CHECKER from mediagoblin.auth.tools import normalize_user_or_email_field +class WebsiteField(wtforms.StringField): + """A field that expects a website URL but adds http:// if not provided.""" + def process_formdata(self, valuelist): + if valuelist: + data = valuelist[0] + if not data.startswith((u'http://', u'https://')): + data = u'http://' + data + self.data = data + else: + super(WebsiteField, self).process_formdata(valuelist) + + class EditForm(wtforms.Form): - title = wtforms.TextField( + title = wtforms.StringField( _('Title'), [wtforms.validators.Length(min=0, max=500)]) description = wtforms.TextAreaField( @@ -33,12 +45,12 @@ class EditForm(wtforms.Form): description=_("""You can use <a href="http://daringfireball.net/projects/markdown/basics"> Markdown</a> for formatting.""")) - tags = wtforms.TextField( + tags = wtforms.StringField( _('Tags'), [tag_length_validator], description=_( "Separate tags by commas.")) - slug = wtforms.TextField( + slug = wtforms.StringField( _('Slug'), [wtforms.validators.InputRequired(message=_("The slug can't be empty"))], description=_( @@ -49,6 +61,7 @@ class EditForm(wtforms.Form): [wtforms.validators.Optional(),], choices=licenses_as_choices()) + class EditProfileForm(wtforms.Form): bio = wtforms.TextAreaField( _('Bio'), 
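Review bot: In `WebsiteField.process_formdata`, `if valuelist:` is also true when the browser submits an empty string, so clearing the Website field sets `self.data` to the bare prefix `u'http://'`. The `Optional()` validator attached to this field in `EditProfileForm` looks at the raw input, so validation would presumably stop there and the bare prefix would be stored as the profile URL. Guarding on the value as well, `if valuelist and valuelist[0].strip():`, lets empty input fall through to the parent implementation. A short comment saying that any value without an http(s) scheme gets the prefix, including other schemes, would make the intent explicit.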
@@ -56,10 +69,14 @@ class EditProfileForm(wtforms.Form): description=_("""You can use <a href="http://daringfireball.net/projects/markdown/basics"> Markdown</a> for formatting.""")) - url = wtforms.TextField( + url = WebsiteField( _('Website'), [wtforms.validators.Optional(), - wtforms.validators.URL(message=_("This address contains errors"))]) + wtforms.validators.URL(message=_("This address contains errors"))], + description=_("www.example.com, http://www.example.com or " + "https://www.example.com")) + + location = wtforms.StringField(_('Hometown')) class EditAccountForm(wtforms.Form): @@ -78,14 +95,14 @@ class EditAccountForm(wtforms.Form): class EditAttachmentsForm(wtforms.Form): - attachment_name = wtforms.TextField( + attachment_name = wtforms.StringField( 'Title') attachment_file = wtforms.FileField( 'File') class EditCollectionForm(wtforms.Form): - title = wtforms.TextField( + title = wtforms.StringField( _('Title'), [wtforms.validators.Length(min=0, max=500), wtforms.validators.InputRequired(message=_("The title can't be empty"))]) description = wtforms.TextAreaField( @@ -93,7 +110,7 @@ class EditCollectionForm(wtforms.Form): description=_("""You can use <a href="http://daringfireball.net/projects/markdown/basics"> Markdown</a> for formatting.""")) - slug = wtforms.TextField( + slug = wtforms.StringField( _('Slug'), [wtforms.validators.InputRequired(message=_("The slug can't be empty"))], description=_( @@ -115,7 +132,7 @@ class ChangePassForm(wtforms.Form): class ChangeEmailForm(wtforms.Form): - new_email = wtforms.TextField( + new_email = wtforms.StringField( _('New email address'), [wtforms.validators.InputRequired(), normalize_user_or_email_field(allow_user=False)]) @@ -125,6 +142,7 @@ class ChangeEmailForm(wtforms.Form): description=_( "Enter your password to prove you own this account.")) + class MetaDataValidator(object): """ Custom validator which runs form data in a MetaDataForm through a jsonschema 
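Review bot: The new `location = wtforms.StringField(_('Hometown'))` in `EditProfileForm` has no validators, so nothing bounds the length of what `edit_profile` writes into `Location.name`. The other free-text fields in this file carry a `Length` validator (for example `title` with `max=500`). Adding `[wtforms.validators.Optional(), wtforms.validators.Length(max=MAX_LOCATION_LEN)]` would keep it consistent, where `MAX_LOCATION_LEN` is a placeholder for whatever the column allows. The column definition is not part of this diff.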
@@ -151,9 +169,11 @@ class MetaDataValidator(object): raise wtforms.validators.ValidationError( errors.pop()) + class MetaDataForm(wtforms.Form): - identifier = wtforms.TextField(_(u'Identifier'),[MetaDataValidator()]) - value = wtforms.TextField(_(u'Value')) + identifier = wtforms.StringField(_(u'Identifier'),[MetaDataValidator()]) + value = wtforms.StringField(_(u'Value')) + class EditMetaDataForm(wtforms.Form): media_metadata = wtforms.FieldList( diff --git a/mediagoblin/edit/lib.py b/mediagoblin/edit/lib.py index 6acebc96..3f52376a 100644 --- a/mediagoblin/edit/lib.py +++ b/mediagoblin/edit/lib.py @@ -17,7 +17,7 @@ def may_edit_media(request, media): """Check, if the request's user may edit the media details""" - if media.uploader == request.user.id: + if media.actor == request.user.id: return True if request.user.has_privilege(u'admin'): return True diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index a2d03d26..b349975d 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py @@ -28,3 +28,5 @@ add_route('mediagoblin.edit.verify_email', '/edit/verify_email/', 'mediagoblin.edit.views:verify_email') add_route('mediagoblin.edit.email', '/edit/email/', 'mediagoblin.edit.views:change_email') +add_route('mediagoblin.edit.deauthorize_applications', '/edit/deauthorize/', + 'mediagoblin.edit.views:deauthorize_applications') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index e998d6be..b15fb2e7 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -14,6 +14,8 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import six + from datetime import datetime from itsdangerous import BadSignature 
@@ -45,7 +47,7 @@ from mediagoblin.tools.text import ( convert_to_tag_list_of_dicts, media_tags_as_string) from mediagoblin.tools.url import slugify from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used -from mediagoblin.db.models import User +from mediagoblin.db.models import User, LocalUser, Client, AccessToken, Location import mimetypes @@ -71,7 +73,7 @@ def edit_media(request, media): # Make sure there isn't already a MediaEntry with such a slug # and userid. slug = slugify(form.slug.data) - slug_used = check_media_slug_used(media.uploader, slug, media.id) + slug_used = check_media_slug_used(media.actor, slug, media.id) if slug_used: form.slug.errors.append( @@ -82,17 +84,18 @@ def edit_media(request, media): media.tags = convert_to_tag_list_of_dicts( form.tags.data) - media.license = unicode(form.license.data) or None + media.license = six.text_type(form.license.data) or None media.slug = slug media.save() return redirect_obj(request, media) if request.user.has_privilege(u'admin') \ - and media.uploader != request.user.id \ + and media.actor != request.user.id \ and request.method != 'POST': messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _("You are editing another user's media. Proceed with caution.")) return render_to_response( @@ -140,7 +143,7 @@ def edit_attachments(request, media): attachment_public_filepath \ = mg_globals.public_store.get_unique_filepath( - ['media_entries', unicode(media.id), 'attachment', + ['media_entries', six.text_type(media.id), 'attachment', public_filename]) attachment_public_file = mg_globals.public_store.get_file( 
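Review bot: The widened import `from mediagoblin.db.models import User, LocalUser, Client, AccessToken, Location` brings in `Client`, but none of the changed lines in `views.py` reference it. `LocalUser`, `AccessToken` and `Location` are all used by the new code, and since `Client` was not imported before, existing code cannot have depended on it. Dropping it, `from mediagoblin.db.models import User, LocalUser, AccessToken, Location`, keeps the import list honest.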
@@ -162,10 +165,11 @@ def edit_attachments(request, media): media.save() messages.add_message( - request, messages.SUCCESS, - _("You added the attachment %s!") \ - % (form.attachment_name.data - or request.files['attachment_file'].filename)) + request, + messages.SUCCESS, + _("You added the attachment %s!") % + (form.attachment_name.data or + request.files['attachment_file'].filename)) return redirect(request, location=media.url_for_self(request.urlgen)) @@ -195,24 +199,41 @@ def edit_profile(request, url_user=None): # No need to warn again if admin just submitted an edited profile if request.method != 'POST': messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _("You are editing a user's profile. Proceed with caution.")) user = url_user + # Get the location name + if user.location is None: + location = "" + else: + location = user.get_location.name + form = forms.EditProfileForm(request.form, url=user.url, - bio=user.bio) + bio=user.bio, + location=location) if request.method == 'POST' and form.validate(): - user.url = unicode(form.url.data) - user.bio = unicode(form.bio.data) + user.url = six.text_type(form.url.data) + user.bio = six.text_type(form.bio.data) + + # Save location + if form.location.data and user.location is None: + user.get_location = Location(name=six.text_type(form.location.data)) + elif form.location.data: + location = user.get_location + location.name = six.text_type(form.location.data) + location.save() user.save() - messages.add_message(request, - messages.SUCCESS, - _("Profile changes saved")) + messages.add_message( + request, + messages.SUCCESS, + _("Profile changes saved")) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username) 
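Review bot: In `edit_profile`, the "Save location" block only handles a non-empty `form.location.data`, so a user who blanks the Hometown field keeps the old value on their public profile. Both branches require `form.location.data` to be truthy, and there is no path that clears an existing location. An explicit removal branch such as `elif user.location is not None:` followed by `user.location = None` would let users withdraw the information. Whether the orphaned `Location` row should also be deleted depends on model code not shown here. The function starts and ends outside this hunk.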
@@ -243,9 +264,10 @@ def edit_account(request): user.license_preference = form.license_preference.data user.save() - messages.add_message(request, - messages.SUCCESS, - _("Account settings saved")) + messages.add_message( + request, + messages.SUCCESS, + _("Account settings saved")) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username) @@ -256,6 +278,34 @@ def edit_account(request): {'user': user, 'form': form}) +@require_active_login +def deauthorize_applications(request): + """ Deauthroize OAuth applications """ + if request.method == 'POST' and "application" in request.form: + token = request.form["application"] + access_token = AccessToken.query.filter_by(token=token).first() + if access_token is None: + messages.add_message( + request, + messages.ERROR, + _("Unknown application, not able to deauthorize") + ) + else: + access_token.delete() + messages.add_message( + request, + messages.SUCCESS, + _("Application has been deauthorized") + ) + + access_tokens = AccessToken.query.filter_by(actor=request.user.id) + applications = [(a.get_requesttoken, a) for a in access_tokens] + + return render_to_response( + request, + 'mediagoblin/edit/deauthorize_applications.html', + {'applications': applications} + ) @require_active_login def delete_account(request): @@ -269,7 +319,8 @@ def delete_account(request): request.session.delete() # Delete user account and all related media files etc.... - request.user.delete() + user = User.query.filter(User.id==user.id).first() + user.delete() # We should send a message that the user has been deleted # successfully. But we just deleted the session, so we @@ -278,7 +329,8 @@ def delete_account(request): else: # Did not check the confirmation box... messages.add_message( - request, messages.WARNING, + request, + messages.WARNING, _('You need to confirm the deletion of your account.')) # No POST submission or not confirmed, just show page 
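Review bot: `deauthorize_applications` looks the token up with `AccessToken.query.filter_by(token=token).first()` and deletes whatever it finds, without checking that the token belongs to the logged-in user. The listing query a few lines below already scopes by `actor=request.user.id`, and the delete path should do the same: `AccessToken.query.filter_by(token=token, actor=request.user.id).first()`. Using the token value as the form key also means the template presumably echoes the bearer secret into the page, so a non-secret row identifier would be a safer handle. The docstring has a typo ("Deauthroize").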
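Review bot: In `delete_account`, the new re-fetch `user = User.query.filter(User.id==user.id).first()` has no comment explaining why `request.user` can no longer be deleted directly, and it depends on a `user` name bound outside this hunk. It also calls `user.delete()` on the result of `.first()`, which is `None` if the row is already gone. I would add a comment such as `# Re-query as a plain User so the delete cascades from the base model` if that is the reason, and guard with `if user is not None:`. The session has already been deleted by this point, so a failure here would leave the account intact but logged out.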
@@ -304,37 +356,40 @@ def edit_collection(request, collection): if request.method == 'POST' and form.validate(): # Make sure there isn't already a Collection with such a slug # and userid. - slug_used = check_collection_slug_used(collection.creator, + slug_used = check_collection_slug_used(collection.actor, form.slug.data, collection.id) # Make sure there isn't already a Collection with this title existing_collection = request.db.Collection.query.filter_by( - creator=request.user.id, + actor=request.user.id, title=form.title.data).first() if existing_collection and existing_collection.id != collection.id: messages.add_message( - request, messages.ERROR, - _('You already have a collection called "%s"!') % \ + request, + messages.ERROR, + _('You already have a collection called "%s"!') % form.title.data) elif slug_used: form.slug.errors.append( _(u'A collection with that slug already exists for this user.')) else: - collection.title = unicode(form.title.data) - collection.description = unicode(form.description.data) - collection.slug = unicode(form.slug.data) + collection.title = six.text_type(form.title.data) + collection.description = six.text_type(form.description.data) + collection.slug = six.text_type(form.slug.data) collection.save() return redirect_obj(request, collection) if request.user.has_privilege(u'admin') \ - and collection.creator != request.user.id \ + and collection.actor != request.user.id \ and request.method != 'POST': messages.add_message( - request, messages.WARNING, - _("You are editing another user's collection. Proceed with caution.")) + request, + messages.WARNING, + _("You are editing another user's collection. " + "Proceed with caution.")) return render_to_response( request, @@ -388,6 +443,7 @@ def verify_email(request): user=user.username) +@require_active_login def change_email(request): """ View to change the user's email """ form = forms.ChangeEmailForm(request.form) 
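Review bot: In `edit_collection`, the duplicate-title lookup filters on `actor=request.user.id` while the slug check just above uses `collection.actor`. When an admin edits another user's collection (the case the warning further down covers), the title is compared against the admin's collections instead of the owner's. Using `actor=collection.actor` in the `filter_by` would make both checks apply to the same account. The error text "You already have a collection called" would then also need rewording for the admin case. Separately, `collection.slug` is stored from `form.slug.data` without the `slugify()` call that `edit_media` applies; if that is intentional a comment would help.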
@@ -399,8 +455,9 @@ def change_email(request): if request.method == 'POST' and form.validate(): new_email = form.new_email.data - users_with_email = User.query.filter_by( - email=new_email).count() + users_with_email = User.query.filter( + LocalUser.email==new_email + ).count() if users_with_email: form.new_email.errors.append( @@ -450,10 +507,10 @@ def edit_metadata(request, media): json_ld_metadata = compact_and_validate(metadata_dict) media.media_metadata = json_ld_metadata media.save() - return redirect_obj(request, media) + return redirect_obj(request, media) if len(form.media_metadata) == 0: - for identifier, value in media.media_metadata.iteritems(): + for identifier, value in six.iteritems(media.media_metadata): if identifier == "@context": continue form.media_metadata.append_entry({ 'identifier':identifier, |
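Review bot: In `change_email`, the duplicate check now queries `User` but filters on `LocalUser.email`. Unless the mapper joins the two classes automatically (the model definitions are not in this diff), that can turn into an unconstrained join over both tables. Querying the class that owns the column, `LocalUser.query.filter_by(email=new_email).count()`, states the intent directly and does not depend on the inheritance setup. The function body continues outside the hunk.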